A Conceptual Framework to Leverage Heuristics for Effective Human-Machine Collaboration in Incident Handling

Managing cybersecurity incidents increasingly depends on advanced levels of automation. However, human involvement remains essential due to the need for high accuracy and the risk of severe damage. Therefore, incident response requires a high degree of human-machine teaming to both simplify the complexity of modern incident handling tasks and ensure a reliable decision-making process. We introduce a conceptual framework designed to augment machine learning-based incident handling by integrating heuristic-based methods for improved efficiency. Integrating heuristic-based methods to compare the results of machine learning classifiers can potentially enhance human comprehension of the output of the machine learning model, thus facilitating human reasoning. We validate the practicality of the framework by applying it to the specific use case of email phishing detection, demonstrating that our approach supports operators for a more accurate phishing classification. The results demonstrate that our framework improves detection accuracy and also potentially enhances the interpretability of the incident handling process, leading to more effective human-machine collaboration in cybersecurity.